The Circle Files — $420M of Un-Frozen USDC Since 2022

ZachXBT's dossier covered hacks, exploits, and theft incidents from 2022 to 2026 in which USDC was a material part of the stolen value and Circle, by his accounting, did not act. The five largest:

- **Drift Protocol** (April 1, 2026) — approximately $232 million in USDC bridged via CCTP over six hours during US business hours. - **Cetus** (Sui DEX, May 2025) — $223 million drained; significant USDC component. - **Mango Markets** (Solana, October 2022) — $110 million drained by Avraham Eisenberg using the same architectural pattern Drift would face four years later; significant USDC component. - **Curve depeg adjacent USDC** (2023) — multiple smaller incidents collectively in the tens of millions. - **Multi-protocol theft chains** (2024–2026) — drainer kits and address poisoning incidents in which the cash-out leg used USDC.

The cumulative total exceeds $420 million across the fifteen incidents. ZachXBT noted that in most cases the funds were traceable on-chain and remained at observable Circle-controlled bridge or wallet endpoints long enough for an action.

Circle's CEO Jeremy Allaire, speaking at a public event in Seoul on April 13, 2026, restated the company's position: "USDC will not be frozen without a court order — even as hackers walk away with millions."

The policy has been broadly consistent since Circle was founded. The framing — protect against ad hoc seizure by issuer, require judicial process — is principled. It is also what Coin Center, EFF, and other digital rights advocates have argued is the correct model for stablecoin issuers, particularly in the post-Tornado Cash policy environment.

The cost of the policy is the cost of judicial latency. A court order takes hours to days to obtain. The Drift attacker moved $232 million in six hours. By the time a TRO could realistically have been issued, the funds were on Ethereum mainnet, swapped via Jupiter and aggregators, and dormant.

Tether's 2026 posture has been notably more proactive. The data:

- **Year-to-date 2026, through May 8: $1.33 billion frozen** across approximately 370 addresses in the trailing 30 days alone ($514.64 million in that window). YTD already exceeds the $1.26 billion frozen in all of 2025. - **Cumulative since 2017: $5.17 billion frozen** across 9,856 addresses; only $602 million (11.6 percent) ever unfrozen; $1.32 billion permanently burned. - **T3 Financial Crimes Unit** (TRON + Tether + TRM Labs, launched September 2024) — $450 million+ in coordinated freezes cumulative by May 14, 2026. - **Iran $344M freeze** (April 23, 2026) — Tether moved within hours of OFAC's update. - **Turkey $544M freeze** (February 7, 2026) — Veysel Sahin illegal-gambling network, in coordination with Istanbul prosecutors. - **DSJ Exchange Ponzi $38.4M freeze** (May 4–5, 2026) — Tether froze in 72 hours during the ZachXBT-led takedown.

And — the cleanest illustration of the policy split — Tether stepped in directly on the Drift incident. On April 16–17, 2026, Tether committed $127.5 million as part of a $147.5–148 million recovery package (Tether plus partners) and replaced Circle as the protocol's settlement stablecoin. The bailout was, in commercial terms, both a customer-acquisition move and a public correction of Circle's non-action.

Tether and Circle operate under different regulatory architectures, and the difference partially explains the policy gap.

Circle is a US-incorporated entity. It is, since July 2025, subject to the GENIUS Act — a statute that requires permitted payment stablecoin issuers to implement BSA AML programs and OFAC sanctions screening, but that also imposes due-process obligations on how those programs are run. The framework is meant to prevent issuer over-action against innocent users. The DFINITY ckETH Minter freeze in March 2026 illustrates the failure mode the framework is designed to prevent: Circle froze sixteen legitimate businesses on a sealed civil-case theory. The framework correctly required Circle to unfreeze five of them within days.

Tether is registered in El Salvador and operates outside US BSA jurisdiction directly. Its freeze authority is contractual — terms of service customers agree to when they accept USDT — and operationally requires no court order. The T3 partnership formalizes Treasury and law-enforcement coordination without putting Tether under US statutory program obligations.

The result is asymmetric. Tether can freeze on intelligence; Circle, by its own policy, requires judicial process. Both positions have legitimate defenders.

If you operate a compliance program at an exchange, OTC desk, or payment processor, you do not get to choose the policies of your stablecoin issuers. You do, however, get to choose which stablecoin you settle in.

The 2026 reality is that USDT carries higher freeze probability than USDC. The Tether trailing-30-day freeze rate of $514 million in May 2026 is concentrated overwhelmingly on TRON (98.3 percent of value) and overwhelmingly against high-risk-origin addresses — sanctions, illicit gambling, pig butchering, DPRK overlap. If your customer base is high-volume TRON USDT in corridors with elevated risk (Turkish gambling exposure, Iranian broker corridor, Cambodian pig butchering laundering, Russian sanctions evasion), the probability that a settled deposit becomes inert on your books is non-trivial.

USDC, by contrast, has near-zero freeze probability under Circle's current policy unless a court order is issued. For low-risk corridors and US-domestic flows, this is operationally simpler. For high-risk corridors, it means the laundering proceeds remain liquid through your venue and you carry the AML risk yourself — not the issuer.

The Sanctuary read on this is direct: choose the stablecoin to match the risk profile of the corridor.

- For US-regulated, low-risk-corridor settlement (institutional treasury, regulated exchange-to-exchange flow, payments to MiCA-authorized CASPs): USDC is the cleaner instrument. Freeze risk is low; freeze surface area is judicially constrained. - For high-risk corridors (TRON USDT-dominant geographies, sanctions-evasion-adjacent flow, instant-swap-adjacent volume): the AML risk of accepting USDC is higher because Circle will not freeze laundered USDC even when it sits in your venue, leaving the AML cost on you. USDT in these corridors has higher freeze risk but lower carry risk because Tether's intervention reduces your downstream exposure.

This is not a moral judgment. It is a portfolio question. The two stablecoins have different operating profiles and should be deployed accordingly.

The Drift incident put pressure on Circle's policy in a way no previous incident had. The combination of (a) Circle's own bridge being the laundering vector, (b) Circle's CFO publicly defending non-action at the same time the funds were in motion, and (c) Tether stepping in commercially with the bailout produced a market read that Circle's policy has commercial cost.

Coin Center and EFF will continue to argue that the principled position is correct. They are right on principle. The cost of being right on principle is that the market for stablecoin settlement increasingly routes around USDC for incidents where USDC's policy creates AML risk for downstream operators.

If Circle's posture changes — if a future incident produces a Circle freeze on intelligence rather than court order — the GENIUS Act framework will get its first real test. The framework is designed to prevent over-action; it does not actively require under-action. Circle has interpreted it conservatively. The next administration of the framework may interpret it differently.

Sanctuary's freeze-pipeline data covers thirteen stablecoin contracts across eight chains with fifteen-minute polling. The pipeline records freeze events as they happen and produces an addressable history of which addresses were frozen, by whom, and when.

For 2026 YTD, the pipeline data shows:

- USDT freezes: hundreds of events, total value over $1.33 billion, median latency from public exploit/incident disclosure to freeze under 24 hours for high-volume incidents. - USDC freezes: a small number of events, total value under $50 million, and the highest-profile event of the year (the March 23 sixteen-wallet sweep) was substantially reversed within 72 hours.

The gap is the article. Compliance teams that have integrated Sanctuary's freeze pipeline see the gap quantified in their dashboards. Decisions about which stablecoin to settle in for which corridor follow from the data.

The freeze probability of the stablecoin in your customer's wallet is now part of the compliance cost of accepting it.

Tether will freeze on intelligence. Circle will freeze on court order. Neither is wrong. Both are operating policies with operational consequences. Match the stablecoin to the corridor. If you do not, you are choosing to carry the AML risk the issuer chose not to.